Closed link2xt closed 5 months ago
problem confirmed in https://github.com/deltachat/chatmail/actions/runs/8470883067/job/23210037319 (it was a deployment from scratch, as the PR which executed it aims to reset staging.testrun.org on every CI run again)
test_no_vfry
fails because of permission errors:
root@staging:~# journalctl -f -t postfix/smtpd -t postfix/smtp -t postfix/lmtp
Mär 28 17:20:31 staging postfix/smtpd[9162]: connect from unknown[194.48.251.123]
Mär 28 17:20:31 staging postfix/smtpd[9162]: warning: connect to Milter service unix:opendkim/opendkim.sock: Permission denied
Mär 28 17:20:31 staging postfix/smtpd[9162]: NOQUEUE: milter-reject: CONNECT from unknown[194.48.251.123]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Mär 28 17:20:31 staging postfix/smtpd[9162]: NOQUEUE: milter-reject: EHLO from unknown[194.48.251.123]: 451 4.7.1 Service unavailable - try again later; proto=SMTP helo=<User>
On a closer look, it's because postfix wasn't added to opendkim group:
root@staging:~# ls -la /var/spool/postfix/opendkim/opendkim.sock
srwxrwx--- 1 opendkim opendkim 0 28. Mär 17:12 /var/spool/postfix/opendkim/opendkim.sock
root@staging:~# groups postfix
postfix : postfix
Which is weird, because pyinfra reports Success
:
--> Starting operation: Add postfix user to opendkim group for socket access
[staging.testrun.org] Success
After deployment in #258 postfix
is in the opendkim
group:
root@staging:~# cat /etc/group | grep opendkim
opendkim:x:995:opendkim,postfix
There is a code adding
postfix
toopendkim
group: https://github.com/deltachat/chatmail/blob/main/cmdeploy/src/cmdeploy/__init__.py#L141-L146But on the forum it's reported that it did not work on a fresh chatmail setup: https://support.delta.chat/t/error-sending-messages-between-accounts-on-self-hosted-chatmail/2933/6
This should be tested on a fresh setup to confirm, running
cmdeploy run
only once and checking ifpostfix
is inopendkim
group.